The Clam version I'm gonna talk about is there: http://www.clamav.net/about/win32/ So it's about the famous new technology "in the cloud".
It runs on Win 7 fully patched, and also on WXP SP3 with all security patches.
Since it's not the first false positive I notice while using Clam ITC, I'm gonna report here a few examples I find interesting.
Filezilla :
First I had an issue while trying to download Filezilla client.
I was there: http://filezilla-project.org/download.php?type=client
then I went to: http://sourceforge.net/projects/filezilla/files/FileZilla_Client/3.3.5.1/FileZilla_3.3.5.1_win32-setup.exe/download
At the beginning of the download Clam ITC prompted a warning telling me that a W32.corrupt had been detected and deleted.
But if I refresh the page, the download will then start without any alert...
To a lambda user, this could be annoying / worrying. But what I try to understand is why this happens only from time to time, and not always, with the same link... is there any problem with Clam ITC signatures spreading or generating?
Liberkey - HDspeed :
While trying to update my local Liberky install, Clam did prompt an alert about several detections...
Why the French version of HDSpeed should be detected as a quite different threat from the standard (international) version?
This one, I don't really know if Clam is right or not. I'll find out and update my post.